Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 8th September 2006, 14:39
jjw jjw is offline
Member
 
Join Date: Aug 2006
Posts: 87
Thanks: 0
Thanked 0 Times in 0 Posts
Default SMTP AUTH Failure: "Server Does Not Support Secure Authentication"

I've followed the how to here:
http://www.howtoforge.com/howto_post...uth_tls_howto/

And thanks to Falko for pointing out mirrors for the sources in the above tutorial.
http://www.filewatcher.com/b/ftp/ftp...stfix.0.0.html

I've gone through the complete install. No errors. I've added Dovecot (1.0) so I can retreieve email using pop. I've added users and and domains, and I can send mail to and from these clients using TLS/SSL. But I cannot get the server to authenticate smtp.

Can anyone help me? Where would I look for errors? I see nothing in messages, maillog, or the dovecot logs.

This is driving me crazy...
Reply With Quote
Sponsored Links
  #2  
Old 8th September 2006, 14:45
jjw jjw is offline
Member
 
Join Date: Aug 2006
Posts: 87
Thanks: 0
Thanked 0 Times in 0 Posts
Default

telnet localhost 25
ehlo localhost
Quote:
250-mail.wnetworks.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN DIGEST-MD5 PLAIN CRAM-MD5
250-AUTH=LOGIN DIGEST-MD5 PLAIN CRAM-MD5
250-XVERP
250 8BITMIME
main.cf
Code:
virtual_mailbox_domains = domain1.com, domain2.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/etc/postfix/virtual
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 450
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
mydomain = wnetworks.net
myhostname = mail.$mydomain
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,check_relay_domains
inet_interfaces = all
alias_maps = hash:/etc/aliases
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
master.cf
Code:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd   -v
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission     inet    n       -       n       -       -       smtpd
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       nqmgr
#tlsmgr   fifo  -       -       n       300     1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

Last edited by jjw; 8th September 2006 at 15:16.
Reply With Quote
  #3  
Old 8th September 2006, 15:15
jjw jjw is offline
Member
 
Join Date: Aug 2006
Posts: 87
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Using saslauthd to check credentials:
Code:
#> /usr/sbin/testsaslauthd -u user_domain.com -p userpassword 
0: OK "Success."
I am using Dovecot's 'auth_username_translation':
auth_username_translation = @_

That is why above I use user_domain.com and below I use user@domain.com

Encoded username/password:
Code:
#> perl -MMIME::Base64 -e 'print encode_base64("user@domain.com\0user@domain.com\0userspassword");'
encodedpasswordoutput
Trying the encoded password via command prompt:
Code:
#> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.wnetworks.net ESMTP Postfix
#> ehlo localhost
250-mail.wnetworks.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN DIGEST-MD5 PLAIN CRAM-MD5
250-AUTH=LOGIN DIGEST-MD5 PLAIN CRAM-MD5
250-XVERP
250 8BITMIME
#> AUTH PLAIN encodedpasswordoutput
535 Error: authentication failed
Reply With Quote
  #4  
Old 8th September 2006, 15:53
jjw jjw is offline
Member
 
Join Date: Aug 2006
Posts: 87
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Here is the output in my maillog re authentication when attempting from command line (the one I showed the telnet out from above):
Code:
Sep  8 07:53:33 mail postfix/smtpd[6790]: < localhost.localdomain[127.0.0.1]: AUTH PLAIN encodedpasswordoutput
Sep  8 07:53:33 mail postfix/smtpd[6790]: smtpd_sasl_authenticate: sasl_method PLAIN, init_response encodedpasswordoutput
Sep  8 07:53:33 mail postfix/smtpd[6790]: smtpd_sasl_authenticate: decoded initial response domain2.com
Sep  8 07:53:33 mail postfix/smtpd[6790]: warning: SASL authentication failure: Password verification failed
Sep  8 07:53:33 mail postfix/smtpd[6790]: warning: localhost.localdomain[127.0.0.1]: SASL PLAIN authentication failed
Sep  8 07:53:33 mail postfix/smtpd[6790]: > localhost.localdomain[127.0.0.1]: 535 Error: authentication failed
Reply With Quote
  #5  
Old 8th September 2006, 16:04
jjw jjw is offline
Member
 
Join Date: Aug 2006
Posts: 87
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thinking that perhaps I should not use the '@' and use the '_' instead, I got the new encoded credentials:

Code:
#> perl -MMIME::Base64 -e 'print encode_base64("user_domain.com\0user_domain.com\0userspassword");'
encodedpasswordoutput--2

And tried to telnet in:
Code:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.wnetworks.net ESMTP Postfix
ehlo localhost
250-mail.wnetworks.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN DIGEST-MD5 PLAIN CRAM-MD5
250-AUTH=LOGIN DIGEST-MD5 PLAIN CRAM-MD5
250-XVERP
250 8BITMIME
AUTH PLAIN encodedpasswordoutput--2
235 Authentication successful

Voila!


The main problem however, is that the remote mail client is told that the server does not support secure authentication, before I have a chance to send a password.
Reply With Quote
  #6  
Old 9th September 2006, 15:39
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,751 Times in 2,581 Posts
Default

Quote:
Originally Posted by jjw
The main problem however, is that the remote mail client is told that the server does not support secure authentication, before I have a chance to send a password.
What are the exact error messages in your email client and in the mail log?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 9th September 2006, 16:16
jjw jjw is offline
Member
 
Join Date: Aug 2006
Posts: 87
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks Falko.

Exact error in mail client:
"Mail server does not support secure authentication"

There are no entries in the maillog.
Reply With Quote
  #8  
Old 9th September 2006, 18:47
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts
Default

Please remove the # sign in front of the lines:

Quote:
#smtps inet n - n - - smtpd
and

Quote:
#tlsmgr fifo - - n 300 1 tlsmgr
in your main.cf file and restart po postfix to enable secure authentication.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 9th September 2006, 19:25
jjw jjw is offline
Member
 
Join Date: Aug 2006
Posts: 87
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thank you for the reply Till.

I assume you meant master.cf, and I uncommented those lines, rebooted, and I am still getting the error message "Mail server does not support secure authentication."...
Reply With Quote
  #10  
Old 9th September 2006, 22:23
jjw jjw is offline
Member
 
Join Date: Aug 2006
Posts: 87
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

This is sooooo odd.

Here it is a couple of hours later. I *think* the server is now authenticating. I did nothing at all, just walked away.

I open up Thunderbird, and fired off a mail to a remote location. It was relayed OK. Then, I fired up my Outlook Express, and sent a mail, and I think it worked! /var/log/maillog shows the mail getting through!

I'm going to keep my eye on things here, but thank you for the help, Falko and Till. I think I'll just hang out here for a while if that's ok. I'm learning a lot from all the threads here...
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ERROR: The PHP binary coming with ISPConfig does not work properly on your system! micko_escalade Installation/Configuration 35 30th March 2007 12:31
Problem with BIND and ISPConfigs's DNS Manager Nejko Installation/Configuration 66 22nd April 2006 21:47
Install Error Alpha Installation/Configuration 9 6th April 2006 20:48
setup fails on debian 3.1 dtrumbower Installation/Configuration 7 7th March 2006 14:42
ISPConfig Failure on SuSe 9.3 gimhan90 Installation/Configuration 13 2nd February 2006 11:29


All times are GMT +2. The time now is 20:58.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.